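; Function: Demo the way to determine if you have administrator privileges
; Author: Purple Endurer
; Dev: Win XP SP2 + MASM32 v8
;
; log
; ---------
; 2006-12-06 Passed!
; 2006-12-05 Created!
;
; Syntax: MASM (Intel operand order), 32-bit flat model, stdcall.
; ABI:    Win32 - eax/ecx/edx are volatile, ebx/esi/edi/ebp are callee-saved.

.486
.model flat, stdcall
option casemap: none                            ;case sensitive

include /masm32/include/windows.inc
include /masm32/include/kernel32.inc
includelib /masm32/lib/kernel32.lib
include /masm32/include/user32.inc
includelib /masm32/lib/user32.lib
include /masm32/include/advapi32.inc
includelib /masm32/lib/advapi32.lib

IsAdmin PROTO

; 1 = take the NT identifier authority from an initialised global,
; 0 = build it in a zeroed local on the stack.
d_UseGlobeVar equ 0

; SID_AND_ATTRIBUTES.Attributes bits (winnt.h). Guarded so the file still
; assembles if the bundled windows.inc does not define them.
ifndef SE_GROUP_ENABLED
SE_GROUP_ENABLED equ 00000004h
endif
ifndef SE_GROUP_USE_FOR_DENY_ONLY
SE_GROUP_USE_FOR_DENY_ONLY equ 00000010h
endif

.data
g_szAppName         db "IsAdmin", 0
g_szHaveAdminPriv   db "You have Admin privileges!", 0
g_szNoAdminPriv     db "You don't have Admin privileges!", 0

if d_UseGlobeVar eq 1
g_stSiaNtAuthority  SID_IDENTIFIER_AUTHORITY <SECURITY_NT_AUTHORITY>
endif

.code

;-----------------------------------------------------------------------
; Entry point: show a message box telling whether the caller's token
; holds an effective BUILTIN\Administrators membership, then exit.
;-----------------------------------------------------------------------
Start:
        invoke  IsAdmin
        .if eax == TRUE
            mov     eax, offset g_szHaveAdminPriv
        .else
            mov     eax, offset g_szNoAdminPriv
        .endif
        invoke  MessageBox, NULL, eax, offset g_szAppName, MB_OK
        invoke  ExitProcess, 0

;-----------------------------------------------------------------------
; BOOL IsAdmin(void)
; ABI:   Win32 stdcall, no arguments
; Out:   eax = TRUE if the current thread's (or, without an impersonation
;        token, the process's) token contains the BUILTIN\Administrators
;        SID (S-1-5-32-544) as an ENABLED group; FALSE otherwise or on
;        any API failure.
; Clobb: eax, ecx, edx, flags (ebx/esi/edi saved via USES)
;
; Register roles in the scan loop:
;   ebx = TOKEN_GROUPS buffer, edi = GroupCount, esi = current index,
;   edx = &Groups[esi]  (all survive the EqualSid call: ebx/esi/edi are
;   callee-saved, edx is reloaded each iteration).
;
; Why the Attributes test: a restricted or filtered token can still list
; the Administrators group but mark it SE_GROUP_USE_FOR_DENY_ONLY, in
; which case the group grants nothing. Matching the SID alone would
; report "admin" for such a token. The modern one-call equivalent of this
; routine is CheckTokenMembership (advapi32, Windows 2000 and later).
;
; All failure paths fall through @IsAdminCleanup so the SID, the buffer
; and the token handle are released exactly once whatever path was taken.
;-----------------------------------------------------------------------
IsAdmin proc uses ebx esi edi
        local   hCurrentThread:HANDLE
        local   hCurrentProcess:HANDLE
        local   hAccessToken:HANDLE
        local   dwInfoBufferSize:dword
        local   pInfoBuffer:dword
        local   psidAdministrators:dword
        local   dwSuccess:dword
        if d_UseGlobeVar eq 0
        local   stSiaNtAuthority:SID_IDENTIFIER_AUTHORITY
        endif

        ; Everything the cleanup path looks at starts out "not acquired".
        mov     dwSuccess, FALSE
        mov     hAccessToken, NULL
        mov     pInfoBuffer, NULL
        mov     psidAdministrators, NULL
        mov     dwInfoBufferSize, 0

        ; 1. Open a TOKEN_QUERY handle: the thread's impersonation token if
        ;    there is one, otherwise the process token.
        invoke  GetCurrentThread
        mov     hCurrentThread, eax
        invoke  OpenThreadToken, hCurrentThread, TOKEN_QUERY, TRUE, ADDR hAccessToken
        .if eax == 0
            invoke  GetLastError
            .if eax != ERROR_NO_TOKEN
                jmp     @IsAdminCleanup         ; genuine failure, not "no token"
            .endif
            invoke  GetCurrentProcess
            mov     hCurrentProcess, eax
            invoke  OpenProcessToken, hCurrentProcess, TOKEN_QUERY, ADDR hAccessToken
            .if eax == 0
                jmp     @IsAdminCleanup
            .endif
        .endif

        ; 2. Size, allocate and fetch the TOKEN_GROUPS array.
        ;    The first call is expected to fail with ERROR_INSUFFICIENT_BUFFER
        ;    and report the required size in dwInfoBufferSize.
        invoke  GetTokenInformation, hAccessToken, TokenGroups, NULL, 0, ADDR dwInfoBufferSize
        .if dwInfoBufferSize == 0
            jmp     @IsAdminCleanup
        .endif
        invoke  GlobalAlloc, GMEM_FIXED, dwInfoBufferSize
        .if eax == NULL
            jmp     @IsAdminCleanup
        .endif
        mov     pInfoBuffer, eax
        invoke  GetTokenInformation, hAccessToken, TokenGroups, pInfoBuffer, dwInfoBufferSize, ADDR dwInfoBufferSize
        .if eax == 0
            jmp     @IsAdminCleanup
        .endif

        ; 3. Build the well-known SID S-1-5-32-544 (BUILTIN\Administrators).
        if d_UseGlobeVar eq 1
        invoke  AllocateAndInitializeSid, offset g_stSiaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, ADDR psidAdministrators
        else
        invoke  RtlZeroMemory, ADDR stSiaNtAuthority, sizeof stSiaNtAuthority
        mov     byte ptr [stSiaNtAuthority+5], 5    ;SECURITY_NT_AUTHORITY equ {0,0,0,0,0,5}
        invoke  AllocateAndInitializeSid, ADDR stSiaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, ADDR psidAdministrators
        endif
        .if eax == 0
            jmp     @IsAdminCleanup
        .endif

        ; 4. Scan Groups[0..GroupCount-1] for an enabled, non-deny-only
        ;    entry whose SID equals Administrators.
        mov     ebx, pInfoBuffer
        mov     edi, TOKEN_GROUPS.GroupCount[ebx]
        xor     esi, esi
        .while esi < edi
            ; edx = &Groups[esi]; index the array base, not Groups[0].Sid
            imul    edx, esi, sizeof SID_AND_ATTRIBUTES
            lea     edx, TOKEN_GROUPS.Groups[ebx + edx]
            mov     eax, SID_AND_ATTRIBUTES.Attributes[edx]
            and     eax, SE_GROUP_ENABLED or SE_GROUP_USE_FOR_DENY_ONLY
            .if eax == SE_GROUP_ENABLED         ; enabled and not deny-only
                mov     ecx, SID_AND_ATTRIBUTES.Sid[edx]
                invoke  EqualSid, psidAdministrators, ecx
                .if eax != 0
                    mov     dwSuccess, TRUE
                    .break
                .endif
            .endif
            inc     esi
        .endw

@IsAdminCleanup:
        .if psidAdministrators != NULL
            invoke  FreeSid, psidAdministrators
        .endif
        .if pInfoBuffer != NULL
            invoke  GlobalFree, pInfoBuffer
        .endif
        .if hAccessToken != NULL
            invoke  CloseHandle, hAccessToken
        .endif
        mov     eax, dwSuccess
        ret                                     ; MASM emits the USES/LOCAL epilogue here
IsAdmin endp

end Start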